CVE-2026-32993 - Vulnerability Analysis
HighCVSS: 8.3Last Updated: May 14, 2026
Unknown Product - HTTP Header Injection
Overview
An unspecified vendor product contains an HTTP header injection caused by improper sanitization of the "status" query parameter in the /unprotected/nova_error endpoint, letting unauthenticated attackers inject arbitrary HTTP headers.
Severity & Score
Impact
Unauthenticated attackers can inject arbitrary HTTP headers, potentially leading to cache poisoning or security bypass.
Mitigation
Update to the latest version or apply patches that sanitize the "status" parameter properly.
Social Media Activity(2 posts)
š CVE-2026-32993 - High (8.3) Improper sanitization of the `status` query parameter of the `/unprotected/nova_error` endpoint allows unauthenticated attacker to inject arbitrary HTTP header to the response. š https://www.thehackerwire.com/vulnerability/CVE-2026-32993/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original post
š CVE-2026-32993 - High (8.3) Improper sanitization of the `status` query parameter of the `/unprotected/nova_error` endpoint allows unauthenticated attacker to inject arbitrary HTTP header to the response. š https://www.thehackerwire.com/vulnerability/CVE-2026-32993/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postRelated Resources
Details
- CVE ID
- CVE-2026-32993
- Severity
- High
- CVSS Score
- 8.3
- Type
- crlf_injection
- Status
- rejected
- EPSS
- 6.6%
- Social Posts
- 2
CWE
- CWE-93
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L